Eddy Nigg (StartCom Ltd.) wrote: > As I have mentioned previously on this list and in private, for various > reasons I'd like to suggest to change the procedures and the process of > CA root requests to require an official request made by the CA in real > paper by registered postal mail, which would include the most important > details of the CA, the x.509 certificate and fingerprints (in paper) and > the attestation of the auditor in original form (the later could be > returned to the CA after scanning and copying). The audit papers could > be attached to the bug eventually...
This is an idea worth considering; I think if we do decide to implement this we should considering adopting it as part of a formal revision of the policy, because it's a significant departure from our traditional practice. However if we decide to do this I don't think we necessarily need originals of the audit letter and other documents; notarized copies should suffice. Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
